Detection / Hunteropenrouter
By the Numbers
- Total articles: 40
- By severity: Critical: 10, High: 23, Informational: 1, Low: 1, Medium: 5
- By category: APT: 3, data breach: 2, general security news: 6, malware: 7, phishing/social engineering: 5, threat actor: 1, vulnerability: 16
Top Threats
AI Weaponized as Both Lure and Attack Surface
Attackers are capitalizing on AI hype by creating fake Claude AI download sites that infect users with malware like RedLine Stealer and the Beagle backdoor, because employees eager to use new tools will bypass normal caution. At the same time, the AI infrastructure itself is dangerously insecure: commercial robots from Unitree contain hardcoded backdoors allowing remote hijacking, and the Model Context Protocol (MCP) servers connecting AI agents to business systems lack basic input validation, enabling SQL injection and data theft. This dual threat means organizations face risk from both social engineering around AI and fundamental flaws in the AI systems they deploy.
- https://www.trendmicro.com/en_us/research/26/e/installfix-and-claude-code.html
- https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
- https://www.recordedfuture.com/research/hacking-embodied-ai
- https://www.akamai.com/blog/security/2026/may/other-side-mcp-threat-conversation
- https://www.zscaler.com/blogs/security-research/malicious-openclaw-skill-distributes-remcos-rat-and-ghostloader
- https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/
Trusted Cloud Infrastructure Hijacked for Phishing
Phishing operators are moving away from easily blocked suspicious domains and instead abusing legitimate cloud platforms to send their attacks, because emails and websites hosted on Amazon SES and Vercel automatically pass security checks. A large-scale AiTM campaign used fake HR 'code of conduct' notices to steal authentication tokens that bypass standard multi-factor authentication, while another operation used Vercel's AI website builder to generate pixel-perfect fake login pages in seconds. As a result, defenders can no longer rely on email authentication standards or visual inspection to catch phishing attempts.
- https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/
- https://securelist.com/amazon-ses-phishing-and-bec-attacks/119623/
- https://cofense.com/blog/steal-smarter-not-harder-malicious-use-of-vercel-for-credential-phishing
- https://any.run/cybersecurity-blog/us-fake-invitation-phishing/
- https://securelist.com/suspicious-websites-undefined-trust-level/119675/
Software Supply Chain Under Sustained Siege
Nation-state groups and cybercriminals are systematically poisoning open-source repositories because compromising a single package can cascade to thousands of downstream developers. North Korea's ScarCruft trojanized a gaming platform to target ethnic Koreans, while OceanLotus uploaded malicious Python packages to PyPI that disguise their communications through a legitimate chat application. With PyPI itself admitting to access control flaws that could have let attackers seize control of popular projects, the entire trust model of 'install and build' is under strain, forcing tools like pnpm to add default waiting periods for new packages.
- https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
- https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/
- https://socket.dev/blog/pypi-fixes-high-severity-issues-found-in-security-audit
- https://socket.dev/blog/5-malicious-nuget-packages-impersonate-chinese-ui-libraries
- https://socket.dev/blog/pnpm-11-adds-new-supply-chain-protection-defaults
Actively Exploited Critical Vulnerabilities in Perimeter Devices
Three critical vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog this week—CVE-2026-0300 in Palo Alto Networks PAN-OS, CVE-2026-6973 in Ivanti EPMM, and CVE-2026-42208 in BerriAI LiteLLM—because attackers are already using them to breach networks. In parallel, new Linux kernel flaws dubbed Copy Fail and DirtyFrag allow any local user to gain root control without modifying files on disk, with Copy Fail already confirmed as exploited in the wild. These vulnerabilities matter because they sit at the network edge or in core infrastructure, meaning a single unpatched system can compromise an entire organization.
- https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog
- https://www.cisa.gov/news-events/alerts/2026/05/07/cisa-adds-one-known-exploited-vulnerability-catalog
- https://www.cisa.gov/news-events/alerts/2026/05/08/cisa-adds-one-known-exploited-vulnerability-catalog
- https://cert.europa.eu/publications/security-advisories/2026-006/
- https://www.elastic.co/security-labs/copy-fail-dirtyfrag-linux-page-bugs-in-the-wild
- https://securelist.com/cve-2025-68670/119742/
- https://socket.dev/blog/free-certified-patches-for-critical-vm2-sandbox-escape
- https://www.akamai.com/blog/security/research/2026/may/advisory-cve-2026-34354-guardicore-local-privilege-escalation
Trending CVEs
- CVE-2026-0300 (3 mentions) — Critical unauthenticated buffer overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal, actively exploited in the wild with no patch available at time of disclosure.
- CVE-2026-6973 (2 mentions) — Improper input validation in Ivanti Endpoint Manager Mobile, actively exploited and added to CISA KEV catalog requiring immediate remediation.
- CVE-2026-42208 (1 mentions) — SQL injection in BerriAI LiteLLM, actively exploited and added to CISA KEV catalog, highlighting that AI infrastructure is already being targeted at the vulnerability level.
- CVE-2026-31431 (1 mentions) — Copy Fail Linux kernel privilege escalation exploiting page cache corruption, confirmed exploited in the wild and added to CISA KEV catalog.
- CVE-2025-68670 (1 mentions) — Pre-authentication remote code execution in xrdp for Linux, allowing full system compromise with no credentials required.
Sector Trends
- Education — The Canvas LMS breach exposed data from 8,800 institutions and 275 million individuals, creating a massive pool of verified personal information that attackers will use for targeted phishing and impersonation campaigns against students and staff for months to come.
- Technology / Software Development — Developers are under sustained attack through poisoned package repositories (PyPI, NuGet) and fake AI tool installers, because compromising a single developer machine can yield credentials that cascade into broader organizational breaches.
- Government — The UAT-8302 espionage campaign targeting South American and European government networks demonstrates that state-sponsored groups are sharing sophisticated toolkits across clusters to maintain persistent access to sensitive diplomatic and policy information.
- Banking and Finance — The TCLBANKER trojan's ability to self-propagate via WhatsApp and Outlook, combined with the continued abuse of legitimate cloud email services for business email compromise, indicates that financial fraud campaigns are becoming more autonomous and harder to contain.
Notable Incidents
- Instructure Canvas Breach Exposes 275 Million Users — One of the largest education-sector breaches on record, with suspected voice phishing as the initial access vector into interconnected SaaS platforms, demonstrating how a single compromised identity can expose an entire ecosystem.
- Massive AiTM Phishing Campaign Bypasses MFA at Scale — Targeted over 35,000 US employees with HR-themed lures and successfully bypassed non-phishing-resistant MFA using adversary-in-the-the-middle token theft, proving that standard MFA is no longer sufficient against well-crafted campaigns.
- Critical Vulnerabilities Found in Commercial Robots — Unitree robot dogs and humanoids contain hardcoded backdoors and undocumented APIs allowing remote hijacking, wireless infection of neighboring robots, and covert surveillance—turning physical automation assets into insider threats.
- Palo Alto PAN-OS Zero-Day Actively Exploited — A critical unauthenticated buffer overflow in a widely deployed firewall platform is being exploited in the wild with no patch available, forcing organizations to disable affected features immediately to prevent network compromise.